/**
 * Copyright &copy; wxwj All rights reserved.

 * @Title: SystemAuthorizingRealm.java 
 * @Package com.wf.qfhy.system 
 * @version V1.0 
 */
package com.wf.qfhy.system;

import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

import com.wf.qfhy.domain.UserDomain;
import com.wf.qfhy.service.IUserService;

/**
 * @ClassName: SystemAuthorizingRealm
 * @Description: TODO(这里用一句话描述这个类的作用)
 * @author wangfei
 * @date 2017年6月6日 下午3:04:12
 */
public class SystemAuthorizingRealm extends AuthorizingRealm {
	@Resource
	private IUserService userService;

	/**
	 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		// 获取当前登录的用户名,等价于(String)principals.fromRealm(this.getName()).iterator().next()
		String currentUsername = (String) super.getAvailablePrincipal(principals);
		UserDomain userDomain = userService.doGetUserDomainByUserName(currentUsername);
		if (userDomain == null) {
			throw new AuthenticationException("msg:用户不存在。");
		}
		SimpleAuthorizationInfo simpleAuthorInfo = new SimpleAuthorizationInfo();
		// List<RoleModel> roleList = memberService.selectRoleByMemberId(member.getId());
		// List<PermissionModel> permList = memberService.selectPermissionByMemberId(member.getId());
		//
		// if (roleList != null && roleList.size() > 0) {
		// for (RoleModel role : roleList) {
		// if (role.getRoleCode() != null) {
		// simpleAuthorInfo.addRole(role.getRoleCode());
		// }
		// }
		// }
		//
		// if (permList != null && permList.size() > 0) {
		// for (PermissionModel perm : permList) {
		// if (perm.getCode() != null) {
		// simpleAuthorInfo.addStringPermission(perm.getCode());
		// }
		// }
		// }
		return simpleAuthorInfo;
	}

	/**
	 * 认证回调函数, 登录时调用
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
		// 获取基于用户名和密码的令牌
		// 实际上这个authcToken是从LoginController里面currentUser.login(token)传过来的
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		UserDomain userDomain = userService.doGetUserDomainByUserName(token.getUsername());
		if (userDomain != null) {
			if (userDomain.getIsLock() != null && userDomain.getIsLock() == Boolean.TRUE) {
				throw new AuthenticationException("msg:该已帐号禁止登录.");
			}
			AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(userDomain.getUserName(), userDomain.getPassWord(), this.getName());
			this.setSession("currentUser", userDomain.getUserName());
			return authcInfo;
		} else {
			// 如果帐号不存在，输出
			throw new UnknownAccountException();
		}
	}

	/**
	 * 保存登录名
	 */
	private void setSession(Object key, Object value) {
		Session session = getSession();
		System.out.println("Session默认超时时间为[" + session.getTimeout() + "]毫秒");
		if (null != session) {
			session.setAttribute(key, value);
		}
	}

	private Session getSession() {
		try {
			Subject subject = SecurityUtils.getSubject();
			Session session = subject.getSession(false);
			if (session == null) {
				session = subject.getSession();
			}
			if (session != null) {
				return session;
			}
		} catch (InvalidSessionException e) {

		}
		return null;
	}
}
